<?php
session_id($_GET['session_id']); 
session_start();

//doh!
include 'db.php';
include 'gallery.php';
include 'thumbnail_generator.php';

if($_SESSION['username'] !== '')
{
 	if(isset($_FILES['userfile']['name']))
	{
			//connect to database
			connect();
			selectDatabase();
			parseUpload();
			mysql_close();
	}
}

function parseUpload()
	{
		$uploaddir = UPLOAD_DIR; //$_SERVER['DOCUMENT_ROOT']. '/blog/gallery/';
		
		// Whether or not to allow the upload of specific files
		$allow_or_deny = false;
		// If the above is true, then this states whether the array of files is a list of
		// extensions to ALLOW, or DENY
		$allow_or_deny_method = "allow"; // "allow" or "deny"
		$file_extension_list = array("jpg","png","bmp","jpeg","zip");//zip files
		// -----------------------------------------------------------------------------
		if ($allow_or_deny){
			if (($allow_or_deny_method == "allow" && !in_array(strtolower(array_pop(explode('.', $_FILES['userfile']['name']))), $file_extension_list))
				|| ($allow_or_deny_method == "deny" && in_array(strtolower(array_pop(explode('.', $_FILES['userfile']['name']))), $file_extension_list))){		
				// Atempt to upload a file with a specific extension when NOT allowed.
				// 403 error
				header("HTTP/1.1 403 Forbidden");
				echo "POSTLET REPLY\r\n";
				echo "POSTLET:NO\r\n";
				echo "POSTLET:FILE TYPE NOT ALLOWED\r\n";
				echo "POSTLET:ABORT THIS\r\n"; // Postlet should NOT send this file again.
				echo "END POSTLET REPLY\r\n";
				exit;
			}
		}
	 	
		echo $_FILES['userfile']['tmp_name']."\n";
	 	
		//check for zip archive
		if(check_zip($_FILES['userfile']['name']) === TRUE)
		{
			move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir .$_FILES['userfile']['name']);

			//check if ZipArchive is supported
			if (class_exists("ZipArchive"))
			{
				$uncompress_list = array();

				$zip = new ZipArchive();
				$res = $zip->open($uploaddir .$_FILES['userfile']['name']);

				//did we really opened the file, or is there sth wrong?
				if($res === TRUE)
				{
					for($i = 0; $i < $zip->numFiles; $i++)
					{
						//file list
						$stat = $zip->statIndex($i);
						$uncompress_list[] = $stat['name'];
					}

					//overwrite images?
					//extract to
					$zip->extractTo($uploaddir);

					//close stream
					$zip->close();
				}

				//insert images to database
				foreach($uncompress_list as $image)
				{
					//check if file really is an image?

					//create thumbnail
					createthumb($uploaddir .$image,$uploaddir .'thumb_'.$image,150,150);

					//add picture to album
					Picture::addPicture($image);
				}
					
				unlink($uploaddir.$_FILES['userfile']['name']);
			}

			// All replies MUST start with "POSTLET REPLY", if they don't, then Postlet will
			// not read the reply and will assume the file uploaded successfully.
			echo "POSTLET REPLY\r\n";
			// "YES" tells Postlet that this file was successfully uploaded.
			echo "POSTLET:YES\r\n";
			// End the Postlet reply
			echo "END POSTLET REPLY\r\n";
			exit;

		}
		else
		if(check_image($_FILES['userfile']['name']) === TRUE)
		{
			move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir .$_FILES['userfile']['name']);
			//create thumbnail
			createthumb($uploaddir .$_FILES['userfile']['name'],$uploaddir .'thumb_'.$_FILES['userfile']['name'],150,150);
				
			//add picture to album
			Picture::addPicture($_FILES['userfile']['name']);

			// All replies MUST start with "POSTLET REPLY", if they don't, then Postlet will
			// not read the reply and will assume the file uploaded successfully.
			echo "POSTLET REPLY\r\n";
			// "YES" tells Postlet that this file was successfully uploaded.
			echo "POSTLET:YES\r\n";
			// End the Postlet reply
			echo "END POSTLET REPLY\r\n";
			exit;
		}
		else
		{
			// If the file can not be uploaded (most likely due to size), then output the
			// correct error code
			// If $_FILES is EMPTY, or $_FILES['userfile']['error']==1 then TOO LARGE
			if (count($_FILES)==0 || $_FILES['userfile']['error']==1){
				// All replies MUST start with "POSTLET REPLY", if they don't, then Postlet will
				// not read the reply and will assume the file uploaded successfully.
				header("HTTP/1.1 413 Request Entity Too Large");
				echo "POSTLET REPLY\r\n";
				echo "POSTLET:NO\r\n";
				echo "POSTLET:TOO LARGE\r\n";
				echo "POSTLET:ABORT THIS\r\n"; // Postlet should NOT send this file again.
				echo "END POSTLET REPLY\r\n";
				exit;
			}
			// Unable to write the file to the server ALL WILL FAIL
			else if ($_FILES['userfile']['error']==6 || $_FILES['userfile']['error']==7){
				// All replies MUST start with "POSTLET REPLY", if they don't, then Postlet will
				// not read the reply and will assume the file uploaded successfully.
				header("HTTP/1.1 500 Internal Server Error");
				echo "POSTLET REPLY\r\n";
				echo "POSTLET:NO\r\n";
				echo "POSTLET:SERVER ERROR\r\n";
				echo "POSTLET:ABORT ALL\r\n"; // Postlet should NOT send any more files
				echo "END POSTLET REPLY\r\n";
				exit;
			}
			// Unsure of the error here (leaves 2,3,4, which means try again)
			else {
				// All replies MUST start with "POSTLET REPLY", if they don't, then Postlet will
				// not read the reply and will assume the file uploaded successfully.
				header("HTTP/1.1 500 Internal Server Error");
				echo "POSTLET REPLY\r\n";
				echo "POSTLET:NO\r\n";
				echo "POSTLET:UNKNOWN ERROR\r\n";
				echo "POSTLET:RETRY\r\n";
				print_r($_REQUEST); // Possible usefull for debugging
				echo "END POSTLET REPLY\r\n";
				exit;
			}
		}
	}
	
	function check_zip($name)
	{
		$file_extension_list = array("zip");
		
		if (in_array(strtolower(array_pop(explode('.', $name))), $file_extension_list))
		{	
			return TRUE;
		}
		
	}
	
	function check_image($name)
	{
		$file_extension_list = array("jpg","png","bmp","jpeg");
		
		if (in_array(strtolower(array_pop(explode('.', $name))), $file_extension_list))
		{	
			return TRUE;
		}
		
	}
?>